George, On Mon, Oct 10, 2016 at 11:44:56PM +0300, George L. Yermulnik wrote: G> > 2) To update your vulnerable system via a source code patch: G> G> > The following patches have been verified to apply to the applicable G> > FreeBSD release branches. G> G> > a) Download the relevant patch from the location below, and verify the G> > detached PGP signature using your PGP utility. G> G> > # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch G> > # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch.asc G> > # gpg --verify libarchive.patch.asc G> G> #> fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch G> fetch: https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch: Not Found Should be either of this: https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.1.patch https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.2.patch https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.3.patch -- Totus tuus, Glebius.
George L. Yermulnik
2016-Oct-10 21:37 UTC
FreeBSD Security Advisory FreeBSD-SA-16:31.libarchive
Hello! On Mon, 10 Oct 2016 at 14:23:42 (-0700), Gleb Smirnoff wrote:> G> > a) Download the relevant patch from the location below, and verify the > G> > detached PGP signature using your PGP utility. > G> > G> > # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch > G> > # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch.asc > G> > # gpg --verify libarchive.patch.asc > G> > G> #> fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch > G> fetch: https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch: Not Found> Should be either of this:> https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.1.patch > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.2.patch > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.3.patchThanx. I found that already, but Security Advisory is incorrect and that's the point. Anyway libarchive-10.3.patch generated on my 10.3 box a bunch of rejections, so I had to checkout contrib/libarchive/libarchive/ and lib/libarchive/tests/ from repository to be able to rebuild world. -- George L. Yermulnik [YZ-RIPE]